Ransomware group aurora hits Kochs GmbH

[manufacturer] *** — a family-owned German manufacturer of windows, doors, and aluminium façade systems headquartered in Herzogenrath, Nordrhein-Westfalen, with ~240 employees across Germany, the Netherlands, and Hungary. The exposed material includes: 22 GB of payroll database backups (7 MSSQL .bak files, 2016–2023) — every employee's salary, bank IBAN, tax class, social insurance number, pension contributions, and wage garnishments. 2.3 GB of DATEV payroll records (through May 2026) — individual named salary documents, garnishment data, company car records for all three entities. 7 Active Directory passwords in plaintext batch scripts — including both Managing Directors, with one MD's credentials spanning three separate AD domains. 28+ proprietary application source code repositories — WinPro ERP, Apertum CRM, MES integrations, production viewers, time-tracking, and rack-management systems. Each one hardcodes its database credentials. SSL/TLS private keys for kochs.de (2021–2026) — enabling domain impersonation and man-in-the-middle attacks. 77 VPN pre-shared keys from the LANCOM gateway configuration — the complete remote-access roster since 2018. Managing Director's MRI and X-ray scans — brain and spine medical imaging, GDPR Art. 9 special category health data. 16 named employee disciplinary records, 11 driver's license scans, attorney-client privileged litigation files from two active employment lawsuits. Complete financial records — 2024 annual accounts, P&L, balance sheets, SFirm banking database, Syska ProFI general ledger, cost accounting through December 2024.

Posted by the aurora threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.